Sign-up

ID

VAR-202004-1469


CVE

CVE-2017-18709


TITLE

NETGEAR R8300 and R8500 Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-015007

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94. NETGEAR R8300 and R8500 An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8500 and NETGEAR R8300 are both wireless routers of NETGEAR. There are security vulnerabilities in NETGEAR R8300 versions prior to 1.0.2.94 and R8500 versions prior to 1.0.2.94. No detailed vulnerability details are currently available. This affects R8300 prior to 1.0.2.94 and R8500 prior to 1.0.2.94

Trust: 2.25

sources: NVD: CVE-2017-18709 // JVNDB: JVNDB-2017-015007 // CNVD: CNVD-2020-28009 // VULMON: CVE-2017-18709

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28009

AFFECTED PRODUCTS

vendor:netgearmodel:r8300scope:ltversion:1.0.2.94

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.94

Trust: 1.6

vendor:netgearmodel:r8300scope:eqversion:1.0.2.94

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.94

Trust: 0.8

sources: CNVD: CNVD-2020-28009 // JVNDB: JVNDB-2017-015007 // NVD: CVE-2017-18709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18709
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2017-18709
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2017-015007
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-28009
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2098
value: HIGH

Trust: 0.6

VULMON: CVE-2017-18709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18709
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2017-015007
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28009
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18709
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2017-18709
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.4
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2017-015007
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28009 // VULMON: CVE-2017-18709 // JVNDB: JVNDB-2017-015007 // CNNVD: CNNVD-202004-2098 // NVD: CVE-2017-18709 // NVD: CVE-2017-18709

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-18709

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2098

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-015007

PATCH
title:Security Advisory for Sensitive Information Disclosure on Some Routers, PSV-2017-0309url:https://kb.netgear.com/000053156/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-0326
Trust: 0.8
title:Patch for NETGEAR R8500 and R8300 have unknown vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/217303
Trust: 0.6
title:NETGEAR R8500  and R8300 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117021
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-28009 // 
            
            
            
            JVNDB: JVNDB-2017-015007 // 
            
            
            
            CNNVD: CNNVD-202004-2098

EXTERNAL IDS
db:NVDid:CVE-2017-18709
Trust: 3.1
db:JVNDBid:JVNDB-2017-015007
Trust: 0.8
db:CNVDid:CNVD-2020-28009
Trust: 0.6
db:CNNVDid:CNNVD-202004-2098
Trust: 0.6
db:VULMONid:CVE-2017-18709
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28009 // 
            
            
            
            VULMON: CVE-2017-18709 // 
            
            
            
            JVNDB: JVNDB-2017-015007 // 
            
            
            
            CNNVD: CNNVD-202004-2098 // 
            
            
            
            NVD: CVE-2017-18709

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-18709
Trust: 2.0
url:https://kb.netgear.com/000053156/security-advisory-for-security-misconfiguration-on-some-routers-psv-2017-0326
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18709
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28009 // 
            
            
            
            VULMON: CVE-2017-18709 // 
            
            
            
            JVNDB: JVNDB-2017-015007 // 
            
            
            
            CNNVD: CNNVD-202004-2098 // 
            
            
            
            NVD: CVE-2017-18709

SOURCES
db:CNVDid:CNVD-2020-28009
db:VULMONid:CVE-2017-18709
db:JVNDBid:JVNDB-2017-015007
db:CNNVDid:CNNVD-202004-2098
db:NVDid:CVE-2017-18709

LAST UPDATE DATE
2024-11-23T22:37:24.937000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28009date:2020-05-13T00:00:00
db:VULMONid:CVE-2017-18709date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2017-015007date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2098date:2020-05-06T00:00:00
db:NVDid:CVE-2017-18709date:2024-11-21T03:20:43.327

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28009date:2020-05-13T00:00:00
db:VULMONid:CVE-2017-18709date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2017-015007date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2098date:2020-04-24T00:00:00
db:NVDid:CVE-2017-18709date:2020-04-24T14:15:12.670